<?php
$Id = $_SESSION['tcADMINID'];
$Name = mysql_real_escape_string($_POST['name']);
$Email = $_POST['email'];
$Organisationname = mysql_real_escape_string($_POST['org_name']);
$Newstitle = mysql_real_escape_string($_POST['news_title']);
$Category = $_POST['category'];
$News = mysql_real_escape_string($_POST['maincont']);
$Item = $_POST['authorised'];

if($_POST['save_news']=='Submit')
{
	/*$DocName = $_FILES['content']['name'];
	$Document = stripslashes($_FILES['content']['name']);
	$extension = getExtension($Document); 	
	
		if($DocName != "")
		{
				if(($extension == "doc") || ($extension == "docx"))
				{
					$doc=rand().'.'.$extension;
					 $newname="../uploads/news/".$doc;
					 $copied = copy($_FILES['content']['tmp_name'], $newname);
					
					$sql = "insert into news (Title,Organisation,Name,Email,Authorised,News,Category,CreatedBy,Status,CreatedDate,Content) Values
									('$Newstitle','$Organisationname','$Name','$Email','$Item','$News','$Category','$Id',1,now(),'$doc')";
					
					$res = mysql_query($sql);
					
					$e = mysql_fetch_array(mysql_query("select * from users where Id='$Id'"));
							$email = "support@studysage.com";
							$from = "From: <$email>";
								$to = $TC_Email;
								$subject = "New News is Submitted in studysage.com";
								$message = "
Hello,

A new news ".$name." has been submitted at studysage.com

Submited By:".$e['FirstName']." ".$e['LastName']."

Please click on link below to login and approve news. 

";
					mail($to, $subject, $message, $from);
								
					//header("location: index.php?tc=news_add&News=true");
					echo "<script>window.location='index.php?tc=news_add&News=true'</script>";
				}
				else
				{
					//header("location: index.php?tc=news_add&News=f");
					echo "<script>window.location='index.php?tc=news_add&News=f'</script>";
				}
							
		}
		else
		{
				$sql = "insert into news (Title,Organisation,Name,Email,Authorised,News,Category,CreatedByStatus,CreatedDate) Values
										('$news_title','$Organisationname','$Name','$Email','$Item','$News','$Category','$Id',1,now())";
				$res = mysql_query($sql);
				
				$e = mysql_fetch_array(mysql_query("select * from users where Id='$Id'"));
							$email = "support@studysage.com";
							$from = "From: <$email>";
								$to = $TC_Email;
								$subject = "New News is Submitted in Studysage.com";
								$message = "
Hello,

A new news ".$name." has been submitted at studysage.com

Submited By:".$e['FirstName']." ".$e['LastName']."

Please click on link below to login and approve news. 

";
							
				mail($to, $subject, $message, $from);
								
				//header("location: index.php?tc=news_add&News=true");
				echo "<script>window.location='index.php?tc=news_add&News=true'</script>";
		}*/
		
		if($_FILES['content']['name']!="")
		{
		echo $file=gmdate('YmdHis').$_FILES["content"]["name"] ;
        move_uploaded_file($_FILES["content"]["tmp_name"],"../uploads/news/".$file);
	 
			$sql = "insert into news (Title,Organisation,Name,Email,Authorised,News,Category,CreatedBy,Status,CreatedDate,Content) Values
									('$Newstitle','$Organisationname','$Name','$Email','$Item','$News','$Category','$Id',1,now(),'$file')";
					
					$res = mysql_query($sql);
			
		
			echo "<script>window.location='index.php?tc=news_add&News=true'</script>";
	}
	else
	{
	$file="";
	$sql = "insert into news (Title,Organisation,Name,Email,Authorised,News,Category,CreatedBy,Status,CreatedDate,Content) Values
									('$Newstitle','$Organisationname','$Name','$Email','$Item','$News','$Category','$Id',1,now(),'$file')";
					
					$res = mysql_query($sql);	
		echo "<script>window.location='index.php?tc=news_add&News=true'</script>";
	}	
}
?>